Join the Mozilla’s Test Days event from 9–15 Jan to test the new Firefox address bar on Firefox Beta 135 and get a chance to win Mozilla swag vouchers! 🎁

Avatar for Username

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Ce sujet de discussion a été archivé. Veuillez poser une nouvelle question si vous avez besoin d’aide.

how do I check if I was affected by latest security bug

  • 4 réponses
  • 2 ont ce problème
  • 3 vues
  • Dernière réponse par Happy112

androdebugur
androdebugur
more options

I have been using firefox 48.0.2 while the latest security threat came into news. Now I have updated already, but how can I make sure that nothing happened during the period while I was using older version of firefox? I do use noscript addons.

I have been using firefox 48.0.2 while the latest security threat came into news. Now I have updated already, but how can I make sure that nothing happened during the period while I was using older version of firefox? I do use noscript addons.

Solution choisie

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications.

for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...

Lire cette réponse dans son contexte 👍 0

Toutes les réponses (4)

Happy112
Happy112
more options

Hi &nsp; !

As long as you haven't downloaded or clicked on anything suspicious,   like fake updates,  you have nothing to worry about.
You're apparantly on the alert for these kind of things:   good for you   !

philipp
philipp
  • Moderator
more options

Solution choisie

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications.

for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...

androdebugur
androdebugur Auteur de la question
more options

Happy112 said

Hi &nsp; !
As long as you haven't downloaded or clicked on anything suspicious,   like fake updates,  you have nothing to worry about.
You're apparantly on the alert for these kind of things:   good for you   !

philipp said

hi androdebugur, in case you are referring to the recently disclosed certificate pinning bug, eg. https://hackernoon.com/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4 i think it is quite improbably that it had practical implications. for an attack to work, the attacker would need to be in a position to intercept, control and alter your network traffic and obtain a genuine trusted certificate for a mozilla.org domain - if both of these conditions applied i think there are also lots of other things to worry about, not only the integrity of addon updates...


Thank you.

Happy112
Happy112
more options

androdebugur said

Thank you.

That is so sweet and highly appreciated   !